Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.
This week on Federal Tech Talk, host John Gilroy interviews Michael Friedrich, chief architect at Cyxtera Technologies – Federal. He has a background in senior engineering positions in organizations like SAVVIS, Terramark, Verizon, and IBM. Many of the projects he was involved with included agencies like the FBI and the White House.
Because of this experience, he has a unique ability to expand on the concept of cybersecurity and zero trust. People who have been involved in networking for their careers know that the Virtual Private Network (VPN) has been around since the mid-1990s. During the discussion Friedrich states that the VPN was a great solution in its time, but cybersecurity has moved on.
Today’s network environment assumes that attackers are inside the system, what is commonly known as internally compromised clients. The VPN can be viewed as just another option for entering a federal system and then moving horizontally. Friedrich says that the new perimeter is the person.
He talks about Multiple Authentication Transport Layer Security. This means to authenticate first, then allow access to specific sets of data. This authentication can involve identifying devices, locations, and even time of access. Today, this concept is commonly known as zero trust.
Firewalls have evolved into systems that have thousands of rules, a complexity that gets in the way of responding to a threat. In order to protect high value data sets, one must not assume data is available on a need to know basis.